Commit Graph

494 Commits

Author SHA1 Message Date
Patrick Schleizer
168ea5a660
shuffle 2019-07-15 08:48:17 -04:00
Patrick Schleizer
2f276cdb10
set back to default group "root" rather than group "sudo" membership required to use su
since root login will be locked by default anyhow

Thanks to @madaidan for providing the rationale!

https://forums.whonix.org/t/restrict-root-access/7658/42
2019-07-15 08:44:28 -04:00
Patrick Schleizer
6d1e8ac9a4
description 2019-07-14 11:16:49 +00:00
Patrick Schleizer
ffb61f43ea
fix, add 'group=sudo' and 'debug' for debugging
https://forums.whonix.org/t/restrict-root-access/7658
2019-07-14 11:11:59 +00:00
Patrick Schleizer
1731196c9f
bumped changelog version 2019-07-13 18:51:32 +00:00
Patrick Schleizer
6af2d7facb
copyright 2019-07-13 18:12:25 +00:00
Patrick Schleizer
75f0ca565d
set -e 2019-07-13 18:12:04 +00:00
Patrick Schleizer
c389e13e1a
use pre.bsh 2019-07-13 17:59:49 +00:00
Patrick Schleizer
7afddb028f
bumped changelog version 2019-07-13 16:30:39 +00:00
Patrick Schleizer
c13485f532
readme 2019-07-13 16:29:10 +00:00
Patrick Schleizer
ea90f95f1c
cleanup 2019-07-13 16:26:40 +00:00
Patrick Schleizer
ea8b22ee78
shuffle 2019-07-13 16:26:14 +00:00
Patrick Schleizer
ca7e0e0161
description 2019-07-13 16:25:08 +00:00
Patrick Schleizer
ffb5a9c482
formatting 2019-07-13 16:23:39 +00:00
Patrick Schleizer
41675ddcff
removed: The amount of hashing rounds used by shadow is bumped to 65536.
This increases the security of hashed passwords.

Since we do not do that currently.

https://forums.whonix.org/t/restrict-root-access/7658/37
2019-07-13 16:21:34 +00:00
Patrick Schleizer
3f031a297d
Removes read, write and execute access for others for all users who have home
folders under folder /home by running for example "chmod o-rwx /home/user"
during package installation or upgrade. This will be done only once per folder
in folder /home so users who wish to relax file permissions are free to do so.
This is to protect previously created files in user home folder which were
previously created with lax file permissions prior to installation of this
package.
2019-07-13 16:20:14 +00:00
Patrick Schleizer
4740e8b335
cleanup 2019-07-13 16:13:55 +00:00
Patrick Schleizer
834fcc4671
bumped changelog version 2019-07-13 15:17:16 +00:00
Patrick Schleizer
e9eb38b5db
formatting 2019-07-13 15:04:09 +00:00
Patrick Schleizer
e2b6268702
bumped changelog version 2019-07-13 14:58:47 +00:00
Patrick Schleizer
1d8a0dbec7
remove no longer shipped files in etc/pam.d/* 2019-07-13 14:57:51 +00:00
Patrick Schleizer
8e5d45352e
bumped changelog version 2019-07-13 14:55:31 +00:00
Patrick Schleizer
cb668459e8
port umask from /etc/pam.d to /usr/share/pam-configs implementation
https://forums.whonix.org/t/change-default-umask/7416
2019-07-13 10:35:10 -04:00
Patrick Schleizer
ac25733de8
remove etc/pam.d/common-password.security-misc rounds=65536
due to unclean implementation, see:

https://forums.whonix.org/t/restrict-root-access/7658/37
2019-07-13 14:01:53 +00:00
Patrick Schleizer
69b97981f3
convert etc/pam.d/su.security-misc to usr/share/pam-configs/wheel
https://forums.whonix.org/t/restrict-root-access/7658/32
2019-07-13 12:33:51 +00:00
Patrick Schleizer
4079632d1a
remove modifying to /etc/pam.d directly (unreleased)
config-package-dev displace /etc/securetty
remove trailing spaces

https://forums.whonix.org/t/restrict-root-access/7658/31
2019-07-13 11:41:37 +00:00
Patrick Schleizer
cdb7c6f7eb
bumped changelog version 2019-07-11 18:28:04 +00:00
Patrick Schleizer
aee6b34635
fix lintian warning 2019-07-11 18:26:17 +00:00
Patrick Schleizer
a40a04aaec
Merge remote-tracking branch 'origin/master' 2019-07-11 14:08:30 -04:00
Patrick Schleizer
93190ebf10
Merge pull request #25 from madaidan/patch-20
Improve documentation of blacklisting uncommon network protocols
2019-07-11 18:08:01 +00:00
madaidan
1aee08fa5e
Update control 2019-07-11 15:30:09 +00:00
madaidan
b63d4ccb41
Update uncommon-network-protocols.conf 2019-07-11 15:28:56 +00:00
madaidan
853c2eb377
Update control 2019-07-11 15:26:14 +00:00
Patrick Schleizer
f5356cee2c
bumped changelog version 2019-07-11 07:16:38 +00:00
Patrick Schleizer
bea98474ba
chmod +x usr/lib/security-misc/panic-on-oops 2019-07-11 07:07:21 +00:00
Patrick Schleizer
0057c0dd8c
fix lintian warning 2019-07-11 07:07:01 +00:00
Patrick Schleizer
2a893c0562
Merge remote-tracking branch 'origin/master' 2019-07-11 06:50:35 +00:00
Patrick Schleizer
a54500c6f1
Merge pull request #23 from madaidan/patch-18
Blacklist more uncommon network protocols
2019-07-11 06:41:37 +00:00
Patrick Schleizer
7d3a61564d
Merge pull request #24 from madaidan/patch-19
Move disable-coredumps.conf to correct position
2019-07-11 06:41:08 +00:00
madaidan
932524cbd1
Move disable-coredumps.conf to correct position 2019-07-10 15:28:48 +00:00
madaidan
1e4d349516
Update control 2019-07-10 14:28:39 +00:00
madaidan
4058e283a5
Blacklist more uncommon network protocols 2019-07-10 14:27:19 +00:00
madaidan
d70440aaed
Remove duplicate 2019-07-09 21:57:37 +00:00
madaidan
a8b44c75f9
Update control 2019-07-09 21:57:07 +00:00
madaidan
2d27bdd808
Blacklist more uncommon network protocols 2019-07-09 21:55:37 +00:00
Patrick Schleizer
3df6a44e98
also allow members of group sudo to run /usr/lib/security-misc/panic-on-oops 2019-07-09 06:56:23 -04:00
Patrick Schleizer
5fb500ac32
Merge remote-tracking branch 'origin/master' 2019-07-09 06:55:27 -04:00
Patrick Schleizer
e4bb77037e
Merge pull request #21 from madaidan/patch-16
Make the kernel panic on oopses
2019-07-09 10:54:48 +00:00
Patrick Schleizer
0f15303eb4
Merge branch 'master' into patch-16 2019-07-09 10:54:24 +00:00
Patrick Schleizer
8793708906
Merge remote-tracking branch 'origin/master' 2019-07-09 03:23:26 -04:00